The Claude Code source code leak: Takeaways for cybersecurity pros
What happens when one of the world’s most popular AI coding tools falls into the wrong hands? On this episode of Security Intelligence, Nick Bradley, Dave Bales and JR Rao discuss the Claude Code source code leak. Attackers are already using the opportunity to spread malware through fake repos, but the real question is how threat actors might use their newfound knowledge of Claude Code’s internals to wreak havoc on AI agents and the CI/CD pipeline.
Then, we follow up on our old friends TeamPCP, Shiny Hunters and Lapsus$, whose overlapping data breach claims are causing no small amount of confusion and consternation among security pros. We examine the credential rotation problem and the uneven security surface of modern supply chains that helped get us in this mess. Plus: Threat intelligence usually focuses on attacks that did happen. But what if we started talking about the ones that didn’t? And do cybercriminals have anything to teach us about “mature” AI adoption? Some big names seem to think so.
All that and more on Security Intelligence.
Segments:
- 00:00 – Intro
- 1:12 – The Claude Code leak
- 11:19 – TeamPCP’s breach spree
- 21:21 – “Close-call” databases
- 29:28 – Cybercrime and AI adoption
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
